CVE-2021-1561Authentication Bypass by Assumed-Immutable Data in Cisco Secure Email AND WEB Manager

CWE-302Authentication Bypass by Assumed-Immutable DataCWE-287Improper Authentication4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 66.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Secure Email AND WEB ManagerCisco Content Security Management Appliance
Timeline
PublishedAug 18
Latest updateMay 24

Description

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-r2wc-g85m-hq39: A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow2022-05-24
CVEList
Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability2021-08-18

📋Vendor Advisories

1
Cisco
Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability2021-08-18
CVE-2021-1561 — Cisco vulnerability | cvebase